Whats in a name?

Frankly, whether the latest high profile cyber attack is called “Petya” or “NotPetya” is a mute point for most people. It may be of interest to security analysts and IT professionals, but for the those running a business, regardless of what the ransomware is called, what impact could it have on their organisation and how can they avoid falling victim.

Well, search the news on the internet and you’ll see examples of the impact of such cyber attacks. Shipping and logistical businesses, pharmaceutical companies, marketing organisations, banks, all operationally hampered; even chocolate manufacturers. There hardly seems to be a sector within the economy or corner of the globe not affected?

It all starts with with the business’s strategy and in particular its (cyber) security strategy. Your business doesn’t have one? Well that could be one of the business’s most significant vulnerabilities, right there!

Interestingly, whilst there will be countless smaller businesses affected too, that news doesn’t hit the media headlines, where they are more interested in high profile names such as Cadburys, Maersk, FedEx and the like. But rest assured there will be plenty of companies which are not household names feeling the effects too, but why?

Earlier this week, Brian Lord, (former Deputy Director of Intelligence and Cyber Operations at the UK’s GCHQ) was interviewed on BBC Radio 4. As he observed, Petya (or NotPetya) recycles the same exploit as WannaCry. So, presumably any company, which took appropriate precautions to counter this known vulnerability after the highly publicised WannaCry outbreak in May shouldn’t be affected? Seems a logical conclusion. Therefore, it seems equally logical to assume that many organisations ignored the advice after WannaCry.

Cyber attacks, whether they’re called Petya, NotPetya or any other name you care to conjour up are here to stay. They are one of the downsides to the many benefits delivered by the digital / technological age we now find ourselves in. But, to ignore this growing phenomenon might merely give credence to Einstein’s observation that doing the same thing over and over again and expecting a different result is the definition of insanity. Lets hope this isn’t the underlying principle to the cyber security strategy adopted by many companies? So, if you don’t want to prove Einstein right, call us and we’ll give you some pointers as to how to avoid repeating those mistakes and being caught by attacks similar to WannaCry, Petya and NotPetya